Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM27637CD647A3B0ED148B19A8677F3C75FD0D80A07EEAB6EC6592BA7D09C9B6E8
HistoryFeb 17, 2021 - 4:54 p.m.

Security Bulletin: A security vulnerability in MongoDB affects IBM Cloud Automation Manager.

2021-02-1716:54:26
www.ibm.com
7
mongodb
ibm cloud automation manager
security vulnerability
information disclosure
remote attack
cve-2020-7928
cvss 6.5
ibm cloud private

EPSS

0.001

Percentile

28.4%

JSON

Summary

A security vulnerability in MongoDB affects IBM Cloud Automation Manager.

Vulnerability Details

CVEID:CVE-2020-7928
**DESCRIPTION:**MongoDB Server could allow a remote authenticated attacker to obtain sensitive information. By issuing a specially crafted query that violates an invariant in the server selection subsystem, a remote attacker could exploit this vulnerability to obtain sensitive information and use this information to launch further attacks against the affected system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192277 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Automation Manager 4.2.0.1

Remediation/Fixes

Download IBM Cloud Automation Manager 4.2.0.1 ifix 2 from https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build600196&includeSupersedes=0

Follow the instructions in Readme link in https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Cloud+Private&release=All&platform=All&function=fixId&fixids=icp-cam-3.2.1-build600196&includeSupersedes=0 to install the ifix 2 to your IBM Cloud Automation Manager 4.2.0.1.

Workarounds and Mitigations

None

Related

osv 2
mongodb 1
ubuntucve 1
openvas 2
cvelist 1
nvd 1
cve 1
redhatcve 1
ibm 3
debiancve 1
prion 1
nessus 1
osv
osv
BIT-mongodb-2020-7928
2024-03-06 10:58:33
CVE-2020-7928
2020-11-23 17:15:12
mongodb
mongodb
Improper neutralization of null byte leads to read overrun
2020-11-23 17:20:00
ubuntucve
ubuntucve
CVE-2020-7928
2020-11-23 00:00:00
openvas
openvas
MongoDB 3.6 < 3.6.20, 4.0 < 4.0.20, 4.2 < 4.2.9, 4.4 < 4.4.1 Read Overrun Vulnerability - Windows
2020-12-02 00:00:00
MongoDB 3.6 < 3.6.20, 4.0 < 4.0.20, 4.2 < 4.2.9, 4.4 < 4.4.1 Read Overrun Vulnerability - Linux
2020-12-02 00:00:00
cvelist
cvelist
CVE-2020-7928 Improper neutralization of null byte leads to read overrun
2020-11-23 16:35:12
nvd
nvd
CVE-2020-7928
2020-11-23 17:15:12
cve
cve
CVE-2020-7928
2020-11-23 17:15:12
redhatcve
redhatcve
CVE-2020-7928
2020-11-23 20:51:37
ibm
ibm
Security Bulletin: A security vulnerability in MongoDB Server affects IBM Cloud Pak for Multicloud Management Managed Service
2021-05-13 19:33:33
Security Bulletin: IBM Cloud Private is vulnerable to MongoDB vulnerabilities (CVE-2020-7926, CVE-2020-7925, CVE-2020-7928)
2021-02-26 16:19:58
Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities
2021-02-26 20:44:22
debiancve
debiancve
CVE-2020-7928
2020-11-23 17:15:00
prion
prion
Buffer overflow
2020-11-23 17:15:00
nessus
nessus
Dell Wyse Management Suite < 3.2 Multiple Vulnerabilities (DSA-2021-070)
2021-04-07 00:00:00

EPSS

0.001

Percentile

28.4%

JSON
Related for 27637CD647A3B0ED148B19A8677F3C75FD0D80A07EEAB6EC6592BA7D09C9B6E8
osv2mongodb1ubuntucve1openvas2cvelist1nvd1cve1redhatcve1ibm3debiancve1prion1nessus1